Description
Security update for openldap2
This update for openldap2 fixes the following issues:
Security issues fixed:
- CVE-2017-9287: A double free vulnerability in the mdb backend during search with page size 0 was fixed (bsc#1041764)
Non-security bugs fixed:
- Let OpenLDAP read system-wide certificates by default and don't hide the error if the user-specified CA location cannot be read. (bsc#1009470)
- Fix an uninitialised variable that causes startup failure (bsc#1037396)
- Fix an issue with transaction management that can cause server crash (bsc#972331)
Package list
SUSE Linux Enterprise Desktop 12 SP2
libldap-2_4-2-2.4.41-18.29.1
libldap-2_4-2-32bit-2.4.41-18.29.1
openldap2-client-2.4.41-18.29.1
SUSE Linux Enterprise Server 12 SP2
libldap-2_4-2-2.4.41-18.29.1
libldap-2_4-2-32bit-2.4.41-18.29.1
openldap2-2.4.41-18.29.1
openldap2-back-meta-2.4.41-18.29.1
openldap2-client-2.4.41-18.29.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
libldap-2_4-2-2.4.41-18.29.1
openldap2-2.4.41-18.29.1
openldap2-back-meta-2.4.41-18.29.1
openldap2-client-2.4.41-18.29.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libldap-2_4-2-2.4.41-18.29.1
libldap-2_4-2-32bit-2.4.41-18.29.1
openldap2-2.4.41-18.29.1
openldap2-back-meta-2.4.41-18.29.1
openldap2-client-2.4.41-18.29.1
SUSE Linux Enterprise Software Development Kit 12 SP2
openldap2-back-perl-2.4.41-18.29.1
openldap2-devel-2.4.41-18.29.1
openldap2-devel-static-2.4.41-18.29.1
References
- Link for SUSE-SU-2017:1567-1
- E-Mail link for SUSE-SU-2017:1567-1
- SUSE Security Ratings
- SUSE Bug 1009470
- SUSE Bug 1037396
- SUSE Bug 1041764
- SUSE Bug 972331
- SUSE CVE CVE-2017-9287 page
Description
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.
Affected products
SUSE Linux Enterprise Desktop 12 SP2:libldap-2_4-2-2.4.41-18.29.1
SUSE Linux Enterprise Desktop 12 SP2:libldap-2_4-2-32bit-2.4.41-18.29.1
SUSE Linux Enterprise Desktop 12 SP2:openldap2-client-2.4.41-18.29.1
SUSE Linux Enterprise Server 12 SP2:libldap-2_4-2-2.4.41-18.29.1
References
- CVE-2017-9287
- SUSE Bug 1041764